OpenPGP personal keys are lost because Thunderbird Daily replaced file encrypted-openpgp-passphrase.txt (returned unexpected: 301989892, RNP_ERROR_BAD_PASSWORD)
Categories
(Thunderbird :: Message Compose Window, defect, P1)
Tracking
(thunderbird_esr102 unaffected, thunderbird106 unaffected)
Tracking | Status | |
---|---|---|
thunderbird_esr102 | --- | unaffected |
thunderbird106 | --- | unaffected |
People
(Reporter: aleca, Assigned: KaiE)
References
(Regression)
Details
(Keywords: dataloss, regression, Whiteboard: [fixed by backout])
Attachments
(1 obsolete file)
I'm not sure when it started and how, but the subject and body of draft messages are not saved. Currently happening on trunk/daily.
STR:
- Compose a new message
- Write something in the body and the subject
- Save as draft
- Close the compose window
- Go to drafts and double click on the recently saved message
RESULT:
The message is blank.
Another issue, not sure if related:
If I try to open that draft from another machine, I get the "unable to decrypt" error.
I have OpenPGP configured in the original machine but I didn't encrypt the message before saving it, and I have "Disable encryption for new messages" option checked.
Marking this as P1 and S1 since it's pretty nasty.
102 is not affected if the message is saved from there.
Comment 1 • Assignee • 2 years ago
We always encrypt draft messages, as soon as you have OpenPGP configured, as a precaution.
If you have OpenPGP configured, you were in possession of the private key at the time of configuring. We're using the public key for encryption.
If you're opening a saved draft message, the private key should still be available and should be usable for decryption.
If you don't have the private key on another computer, it's expected that you cannot decrypt the message.
Comment 2 • Reporter • 2 years ago
(In reply to Kai Engert (:KaiE:) from comment #1)
> We always encrypt draft messages, as soon as you have OpenPGP configured, as a precaution.
> If you have OpenPGP configured, you were in possession of the private key at the time of configuring. We're using the public key for encryption.
> If you're opening a saved draft message, the private key should still be available and should be usable for decryption.

That's the problem. The message is not decrypted when opening from draft on the same machine on the same TB installation with the same OpenPGP key configuration.
Comment 3 • Reporter • 2 years ago
I guess our draft tests didn't catch this because we don't test that with OpenPGP enabled.
We definitely should.
Comment 4 • Assignee • 2 years ago
(In reply to Alessandro Castellani [:aleca] from comment #3)
> I guess our draft tests didn't catch this because we don't test that with OpenPGP enabled.

You would not catch that unless you restart and try to use the files from a different session.
Comment 5 • Assignee • 2 years ago
This regression was caused by bug 1790610.
Comment 6 • Assignee • 2 years ago
Notice for users who are affected by this bug:
If you have started a Thunderbird Daily version between 2022-09-22 and 2022-09-26, and you have OpenPGP secret keys in your Thunderbird profile, those OpenPGP secret keys are lost.
The reason is that a fresh file encrypted-openpgp-passphrase.txt was replaced.
The previous file encrypted-openpgp-passphrase.txt was necessary to decrypt the contents of file secring.gpg.
If you have a backup of the files from your profile, you can attempt to restore a previous version of file encrypted-openpgp-passphrase.txt.
Comment 7 • Reporter • 2 years ago
(In reply to Kai Engert (:KaiE:) from comment #4)
> (In reply to Alessandro Castellani [:aleca] from comment #3)
> > I guess our draft tests didn't catch this because we don't test that with OpenPGP enabled.
> You would not catch that unless you restart and try to use the files from a different session.

Mh, I don't think so.
The problem happens immediately after closing the compose and opening the saved draft, in the same session without closing Thunderbird. So this scenario can be tested.
Comment 8 • Assignee • 2 years ago
(In reply to Alessandro Castellani [:aleca] from comment #7)
> The problem happens immediately after closing the compose and opening the saved draft, in the same session without closing Thunderbird. So this scenario can be tested.

The problem happened earlier. The corruption was created at startup.
At the time you're composing the message, you already had the corruption. Your private key was already gone. You simply didn't notice yet, because for encryption only the public key was necessary (and the public key is still available).
Not until you attempted to edit the draft did you need the private key for decryption.
Comment 9 • 2 years ago
Fixed by backout: https://hg.mozilla.org/comm-central/rev/cc3f06995948
Comment 10 • Assignee • 2 years ago
Comment 11 • Assignee • 2 years ago
Users of Thunderbird, who are affected by this bug, lost access to their OpenPGP secret keys.
Because only users of daily are affected, and hopefully very few, I suggest that we do NOT automatically repair.
It would be difficult anyway.
I don't think we should generally automatically move away the file with secret keys, that seems dangerous.
However, I would like to enable affected users to notice the problem.
Currently, users will experience broken OpenPGP functionality, and exceptions, with no indication why it's failing.
The attached patch will inform users when this scenario is experienced.
If we are unable to access a stored OpenPGP secret key, because our automatic password doesn't work, the patch shows an alert message that explains the situation, and asks users to manually clean up.
This patch can be useful in general. If some experienced users attempt to directly modify the secring.gpg file found in the Thunderbird profile directory (which they shouldn't do), they could cause the same kind of problem.
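Added example, not part of the bug thread and not Thunderbird or RNP code: a Node.js model of the failure explained in comments 8 and 11. A passphrase-protected RSA key stands in for secring.gpg and a string for encrypted-openpgp-passphrase.txt; all function and field names are hypothetical.

```javascript
// Added illustration: not Thunderbird or RNP code; all names are hypothetical.
const crypto = require("crypto");

// Constructed "profile": a random automatic passphrase (the role of
// encrypted-openpgp-passphrase.txt) and a key pair whose secret half is
// stored encrypted under that passphrase (the role of secring.gpg).
function makeProfile() {
  const passphraseFile = crypto.randomBytes(32).toString("hex");
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem",
                          cipher: "aes-256-cbc", passphrase: passphraseFile },
  });
  return { passphraseFile, pubring: publicKey, secring: privateKey };
}

// Saving a draft encrypts to the public key only; no passphrase is involved.
function saveDraft(profile, text) {
  return crypto.publicEncrypt(profile.pubring, Buffer.from(text, "utf8"));
}

// Opening a draft must unlock the secret key with the stored passphrase.
function openDraft(profile, blob) {
  const key = { key: profile.secring, passphrase: profile.passphraseFile };
  return crypto.privateDecrypt(key, blob).toString("utf8");
}

// Startup check in the spirit of comment 11: does the passphrase still unlock the key?
function secretKeyUnlockable(profile) {
  try {
    crypto.createPrivateKey({ key: profile.secring, passphrase: profile.passphraseFile });
    return true;
  } catch (e) {
    return false;
  }
}

// Replay the regression: the passphrase is replaced while the key store is kept.
function reproduce() {
  const profile = makeProfile();
  const okBefore = secretKeyUnlockable(profile);
  profile.passphraseFile = crypto.randomBytes(32).toString("hex");
  const draft = saveDraft(profile, "subject and body"); // still succeeds
  let opened = null;
  try { opened = openDraft(profile, draft); } catch (e) { /* cannot decrypt */ }
  return { okBefore, saved: draft.length === 256, opened,
           okAfter: secretKeyUnlockable(profile) };
}
```

Running `secretKeyUnlockable` at startup surfaces the mismatch immediately, instead of at the first attempt to reopen a draft.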
Comment 12 • Assignee • 2 years ago
(In reply to Magnus Melin [:mkmelin] from comment #9)
> Fixed by backout: https://hg.mozilla.org/comm-central/rev/cc3f06995948

This fix ensures that we don't damage additional profiles.
It doesn't repair the damage that was already created unfortunately.
Comment 13 • Assignee • 2 years ago
Based on discussions in chat, we decided to not implement automatic repairing or information for users who are affected by this issue - because only users of Daily are affected, and it's a common risk of running the experimental Daily software, and therefore it seems acceptable to require manual repairing, and it seems also acceptable that users of Daily are able to reset their Thunderbird profile in case of problems. A message explaining the situation has been posted to the Thunderbird Daily mailing list:
https://thunderbird.topicbox.com/groups/daily/Tbf35bdb3aa11f6b3/daily-versions-2022-09-22-to-20-09-25-corrupted-openpgp-secret-key-storage
Comment 14 • Assignee • 2 years ago
(In reply to Magnus Melin [:mkmelin] from comment #9)
> Fixed by backout: https://hg.mozilla.org/comm-central/rev/cc3f06995948

Resolving fixed.